When a system is compromised, it will contain so many backdoors and hacked software libraries. So to change your password will just tell the attacker how to complete your personal password portfolio: people is mostly using the same passwords on many sites, so they collect passwords and try them on other websites.
When a system is compromised, the only way to fix it is to build another from scratch: there are too many malicious routines which can be everywhere, starting from libraries, operating system, even firmware - which is very close to hardware - can be compromised.
Until Y! don't literally wipe it out and create a new system from scratch, a compromised system is the last system you should give your new credentials to. Since they don't even have money for their business as usual, it is very unlikely they will create a new system from scratch.
I'm sorry, to give Y! new credentials is the best way to get them stolen again.
RE: 1 Billion Yahoo Accounts Compromised